Toby Murray writes:
>In the attack, the unsealer is being passed an object that has the
>authority to cause the box to divulge its contents. Hence, one might
>argue that the unsealer is being passed an object that is analogous to a
>proxy for the box and, hence, the attack might be viewed as valid
>behaviour in some cases.
I'd say: This is an accurate description of the actual behavior of this
sealer/unsealer implementation, but it's not the desired or intended or
specified behavior for a sealer/unsealer. If Viktor is relying upon
this Brand to behave like a brand ought to, then his security goals
can be violated.